|Summary:||media-video/mplayer <1.0_rc2_p27725-r1 Real demuxer heap overflow (CVE-2008-3827)|
|Product:||Gentoo Security||Reporter:||Stefan Behte (RETIRED) <craig>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Package list:||Runtime testing required:||---|
|Bug Depends on:||241110|
Description Stefan Behte (RETIRED) 2008-09-30 10:05:40 UTC
Description: The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and, at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow; a specific video file can be crafted in order to make the stream_read function read or write arbitrary amounts of memory.

The following patch fixes the issues: http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch
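The bug class named in the description, an unsigned length that underflows before it reaches a read call, shown as an added example beside a checked form. This is not MPlayer's code or the oCERT patch: `HDR_LEN`, `mem_stream`, `read_payload` and the sample bytes are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 8u  /* hypothetical header size, not taken from MPlayer */

struct mem_stream { const uint8_t *data; size_t len, pos; };  /* constructed input */

/* Bug class: declared < HDR_LEN makes the unsigned subtraction wrap. */
static uint32_t payload_len_unchecked(uint32_t declared)
{
    return declared - HDR_LEN;
}

/* Checked form: 0 on success, -1 if the size cannot cover the header. */
static int payload_len_checked(uint32_t declared, uint32_t *out)
{
    if (declared < HDR_LEN)
        return -1;
    *out = declared - HDR_LEN;
    return 0;
}

/* Bounded read: rejects lengths larger than the destination or than the
 * bytes left in the stream. Returns bytes copied, or -1. */
static long read_payload(struct mem_stream *s, uint8_t *dst, size_t cap,
                         uint32_t declared)
{
    uint32_t n;
    if (payload_len_checked(declared, &n) != 0 || n > cap || n > s->len - s->pos)
        return -1;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return (long)n;
}

/* Runs read_payload over a constructed 16-byte stream into an 8-byte buffer. */
static long demo_read(uint32_t declared)
{
    static const uint8_t sample[16] = { 0xde, 0xad, 0xbe, 0xef };
    struct mem_stream s = { sample, sizeof sample, 0 };
    uint8_t buf[8];
    return read_payload(&s, buf, sizeof buf, declared);
}

int main(void)
{
    printf("unchecked(4) = %u\n", (unsigned)payload_len_unchecked(4));
    printf("declared=4 -> %ld, declared=12 -> %ld\n", demo_read(4), demo_read(12));
    return 0;
}
```

The unchecked helper turns a declared size of 4 into a length just under 4 GiB, which is the kind of value that would reach the read call; the checked path rejects it before any copy happens.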
Comment 1 Robert Buchholz (RETIRED) 2008-09-30 16:37:33 UTC
apparently this is fixed in r27675, mplayer/trunk/libmpdemux/demux_real.c
Comment 2 Leo Jackson 2008-09-30 20:51:17 UTC
Created attachment 166868
The patch was released. This was from the Maintainers
Comment 3 Robert Buchholz (RETIRED) 2008-10-04 18:42:26 UTC
Can we get either stable an mplayer that has this and bug 231836 fixed, or apply the two patches onto our current stable?
Comment 4 Steve Dibb (RETIRED) 2008-10-07 01:57:32 UTC
mplayer-1.0_rc2_p27725 in the tree
Comment 5 Stefan Behte (RETIRED) 2008-10-18 23:33:31 UTC
I see that mplayer-1.0_rc2_p27725-r1 is in the tree, does https://bugs.gentoo.org/show_bug.cgi?id=241110 still need to be fixed? I'd like to get this thing into stable.
Comment 6 Christian Hoffmann (RETIRED) 2008-10-19 09:50:59 UTC
Arches, please test and mark stable:
=media-video/mplayer-1.0_rc2_p27725-r1
Target keywords: "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Arches which don't even have ~arch: "alpha ia64 ppc sparc"

Apparently, there are still problems w/ sparc and alpha (according to the bug in the dependencies), can you fix them beandog (or anyone from media-video)?
Comment 7 Markus Meier 2008-10-19 14:30:13 UTC
this needs the following packages stable on amd64/x86 (according to repoman): '>=media-video/dirac-0.10.0', 'media-libs/schroedinger', '>=media-libs/x264-0.0.20080406'
Comment 8 Alexis Ballier 2008-10-19 14:37:33 UTC
(In reply to comment #7)
> this needs the following packages stable on amd64/x86 (according to repoman):
> '>=media-video/dirac-0.10.0', 'media-libs/schroedinger',

these should be ok

> '>=media-libs/x264-0.0.20080406'

please check stable packages from: http://tinderbox.dev.gentoo.org/misc/rindex/media-libs/x264 against 0.0.20080819

This snapshot had been slatted just before an API change; I don't remember any specific breakage with that version, but better double check. Note that you'll need to stabilize x264-encoder of the same version at the same time. 0.0.20081006 changes a bit the API and will break a couple of stable packages.
Comment 9 Markus Meier 2008-10-19 17:12:07 UTC
amd64/x86 stable for the following packages:
=media-video/dirac-1.0.0
=media-libs/schroedinger-1.0.5
=media-libs/x264-0.0.20080819
=media-video/x264-encoder-0.0.20080819
=media-video/mplayer-1.0_rc2_p27725-r1
Comment 10 Guy Martin (RETIRED) 2008-10-20 19:48:42 UTC
Comment 11 Markus Rothe (RETIRED) 2008-10-21 17:23:09 UTC
Comment 12 Tobias Scherbaum (RETIRED) 2008-10-30 20:08:44 UTC
Comment 13 Tobias Klausmann (RETIRED) 2008-11-09 11:44:12 UTC
Stable on alpha. Had to mask the dxr3 USE flag due to lack of hardware for testing.
Comment 14 Raúl Porcel (RETIRED) 2008-11-10 11:24:09 UTC
ia64 stable, sparc is waiting for bug 241110
Comment 15 Friedrich Oslage (RETIRED) 2008-11-24 23:08:07 UTC
Sparc stable, sorry for the hold-up :(
Comment 16 Robert Buchholz (RETIRED) 2008-11-29 14:09:07 UTC
Comment 17 Tobias Heinlein (RETIRED) 2009-01-12 19:51:36 UTC
GLSA 200901-07. Thanks everyone, sorry about the delay.